Re: gpg et co

From: Lubomir Gelo <slon slon sk>
To: Brian Stafford <brian stafford uklinux net>
Cc: chbm chbm nu, Balsa List <balsa-list gnome org>
Subject: Re: gpg et co
Date: Thu, 12 Jul 2001 18:30:17 +0200

On Thu, 12 Jul 2001 15:29:10 Brian Stafford wrote:

> On Thu, 12 July 14:18 Carlos Morgado wrote:
> 
> > not very practical cause gpg/pgp signatures are sent in mime attachments. 
> > the plugin would need a way to access the whole message
> > 
> > honestly, i think this belongs in gnome-mime or VFS, not the mta itself.
> > the "neat" design would be to have balsa being a Mailbox or MessageStream
> > or whatnot server for Bonobo/VFS and then have a crypto server capable of 
> > fetching messages from balsa and oking them or not. also you could say 
> > take this message and give me a back a application/gpg-encripted mime attach
> > or a gpg-signature. having that in place, the crypto server and mail server
> > choices would be left to the user.
> > bloat ? why of course! but this is Gnome ;)

Carlos, you talk like Miguel. Bonobo here, Mono over there :-)

> I would argue that since MIME is a mechanism for representing complex
> hierarchical documents, all MIME functionality in a program should be
> handled by a library specifically designed for that purpose. (Gmime
> comes to mind.)  Encrpytion and signing support should be an integral part
> of that mechanism, i.e. from within, not bolted on to the outside of it.

I partially agree with both of you: encryption should be done on system-wide
level (either via library or cryptoserver or whatever).  But thats what GPG is 
supposed to do. Yes, I know it interfaces with applications badly (mainly 
because of Werner :-)) and pipe interface sucks.  

Brian, mail en(de)cryption is requires more than parsing MIME document and
encrypting/signing it. You need key management, user interface etc. That's far
beyond the gmime scope.  

I think that soulution is in colaboration with Seahorse ppl. We can have wrapper
around ugly gpg pipe interface that every Gnome app (Seahorse/Balsa/
SuperFileCryptor/whatever) can use.  When there will be better interface to
gpg (Personally I don't belive it will be anytime soon) we just change our wrapper.
And now I have to agree with Carlos, it should be the Bonbobo component.

PS:
IMO encryption support is much more important than most of us think. Integration with MUA 
(from the user perspective) should be as tight as possible. People should get used to it and 
use it in their everyday communication. That's why I think that having working GGP integration 
albeit using crappy pipe interface is a way better than having no encryption at all.  

slon!

-- 
To me, M$ is a big kid who needs to have the whole sandbox for himself. 
Until that child can learn to share, I'll play with the kids that do share the sandbox.

Follow-Ups:
- Re: gpg et co
  - From: Brian Stafford

References:
- Re: gpg et co
  - From: Maciej Golebiewski
- Re: gpg et co
  - From: Carlos Morgado
- Re: gpg et co
  - From: Brian Stafford

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]